
Commit 26779fb

wusslerlubux
authored and committed
Create a copy of the encrypted key when forwarding
1 parent 23fe98f commit 26779fb


2 files changed

+21
-11
lines changed

2 files changed

+21
-11
lines changed

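--- a/openpgp/forwarding_test.go
+++ b/openpgp/forwarding_test.go
@@ -183,7 +183,7 @@ Loop:
 }
 switch p := p.(type) {
 case *packet.EncryptedKey:
-err = p.ProxyTransform(
+tp, err := p.ProxyTransform(
 instance.ProxyParameter,
 instance.ForwarderKeyId,
 instance.ForwardeeKeyId,
@@ -194,7 +194,7 @@ Loop:
 
 splitPoint = bytesReader.Size() - int64(bytesReader.Len())
 
-err = p.Serialize(transformedEncryptedKey)
+err = tp.Serialize(transformedEncryptedKey)
 if err != nil {
 t.Fatalf("error serializing transformed PKESK: %s", err)
 }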
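Review bot: `tp, err := p.ProxyTransform(` on new line 186 declares a fresh `err` scoped to the `case *packet.EncryptedKey:` clause, shadowing the `err` the old line assigned to; the `Loop:` body that encloses this switch starts and ends outside the hunk, so I cannot see whether anything after the switch reads the outer `err`. If it does, it now sees a stale value; predeclaring avoids that, e.g. `var tp *packet.EncryptedKey` before the switch and `tp, err = p.ProxyTransform(` here. If nothing downstream reads `err`, the shadowing is harmless but still worth a short comment so the next reader does not trip on it.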

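--- a/openpgp/packet/encrypted_key.go
+++ b/openpgp/packet/encrypted_key.go
@@ -458,27 +458,37 @@ func SerializeEncryptedKeyWithHiddenOption(w io.Writer, pub *PublicKey, cipherFu
 return SerializeEncryptedKeyAEADwithHiddenOption(w, pub, cipherFunc, config.AEAD() != nil, key, hidden, config)
 }
 
-func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forwardeeKeyId uint64) error {
+func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forwardeeKeyId uint64) (transformed *EncryptedKey, err error) {
 if e.Algo != PubKeyAlgoECDH {
-return errors.InvalidArgumentError("invalid PKESK")
+return nil, errors.InvalidArgumentError("invalid PKESK")
 }
 
 if e.KeyId != 0 && e.KeyId != forwarderKeyId {
-return errors.InvalidArgumentError("invalid key id in PKESK")
+return nil, errors.InvalidArgumentError("invalid key id in PKESK")
 }
 
 ephemeral := e.encryptedMPI1.Bytes()
-transformed, err := ecdh.ProxyTransform(ephemeral, proxyParam)
+transformedEphemeral, err := ecdh.ProxyTransform(ephemeral, proxyParam)
 if err != nil {
-return err
+return nil, err
 }
 
-e.encryptedMPI1 = encoding.NewMPI(transformed)
-if e.KeyId != 0 {
-e.KeyId = forwardeeKeyId
+wrappedKey := e.encryptedMPI2.Bytes()
+copiedWrappedKey := make([]byte, len(wrappedKey))
+copy(copiedWrappedKey, wrappedKey)
+
+transformed = &EncryptedKey{
+KeyId: forwardeeKeyId,
+Algo: e.Algo,
+encryptedMPI1: encoding.NewMPI(transformedEphemeral),
+encryptedMPI2: encoding.NewOID(copiedWrappedKey),
 }
 
-return nil
+if e.KeyId == 0 {
+e.KeyId = 0
+}
+
+return transformed, nil
 }
 
 func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header []byte, pub *rsa.PublicKey, keyBlock []byte) error {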
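Review bot: The block at new lines 487-489, `if e.KeyId == 0 { e.KeyId = 0 }`, is a no-op, and with it the old behaviour of keeping a wildcard key id is lost: the removed code only stamped `forwardeeKeyId` when `e.KeyId != 0`, whereas the new literal at line 480 always sets `KeyId: forwardeeKeyId`, so a PKESK that was hidden-recipient (key id 0) on input comes out naming the forwardee. The surrounding `SerializeEncryptedKeyWithHiddenOption` context suggests anonymous recipients are a supported mode, so this looks like an unintended disclosure rather than a deliberate change; the dead branch reads like a misplaced fix. Changing line 488 to `transformed.KeyId = 0` restores the old contract, with a comment such as `// keep a wildcard (hidden-recipient) key id wildcard after the transform`. Separately, the literal copies only `KeyId`, `Algo` and the two MPIs; if `EncryptedKey` carries other fields that `Serialize` reads (a version field, for instance, which I cannot see here), they default to zero in the copy, so that is worth confirming against the struct definition, and the three-line manual clone at 476-478 could be `copiedWrappedKey := append([]byte(nil), wrappedKey...)` if the module's Go version does not already allow `bytes.Clone`.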
